
All programs crash on open & can't access computer properties


19 replies to this topic

#1 younghawk


Posted 03 May 2015 - 11:46 AM

Hey everyone,

 

So I've been experiencing a lot of unwarranted crashing recently. Let me list out all the strange behavior before pasting the FRST log.

 

  • When I start up my machine, once I reach the desktop screen, very quickly, what looks like a command prompt pops up, is there for maybe half a second, then closes immediately.
  • When opening some programs now, they crash immediately upon opening. Programs that I've found to be crashing are:
  1. Steam (gaming client) - opens till the point of "downloading client updates", then crashes
  2. Skype - I briefly get the Windows 7 "thinking" blue ring, and then nothing happens. Immediate crash.
  3. Windows Media Player and VLC player - Both crash immediately after opening.
  4. QuickTime and iTunes - I briefly get the Windows 7 "thinking" blue ring, and then nothing happens. Immediate crash.

(Other programs work fine, no problem, like all my browsers (I use Chrome and Firefox), as well as some other programs like Spotify and my drawing programs (Alias Sketchbook Pro 7).)

 

  • Not sure if this is connected, but I've found that I can't download anything from Dropbox onto this computer. And when I say "can't download", I mean, there isn't even an option to do so when I log into their web-based client. I have noticed that the option to download is there VERY briefly when I first log in, but disappears within seconds of being on the site. I can download things just fine onto my Cintiq Companion 2, iPad, and work computer. I'm not sure if not being able to download to my desktop is connected to any of this.
  • I've found that if I right-click on my Computer icon, and click on Properties in the drop-down menu, it crashes my Windows Explorer immediately. A quick flash, my desktop disappears, then it all reappears a second later. Still can't access the properties screen.

And those are all the things I've noticed so far. I've been running Avira on my computer to make sure any surface-level viruses, spyware and malware are cleaned. It found a total of 6 viruses upon scanning, and I've attached those report logs if you're interested in seeing what it found.

 

With all that explained, here's the FRST log. If I can get you guys anything else, please just let me know. I'm eager to work with you to help get this resolved ASAP:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by BigToews (administrator) on PLUGTOTHEWORLD on 03-05-2015 00:47:38
Running from C:\Users\BigToews\Desktop
Loaded Profiles: BigToews (Available profiles: BigToews)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Alereon) C:\Program Files (x86)\SAMSUNG\Wireless Central Station\AlUwbService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SMSC) C:\Program Files\SGFX\sgfxmgr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Spotify Ltd) C:\Users\BigToews\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe
(Akamai Technologies, Inc.) C:\Users\BigToews\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\Toon Boom Animation\Toon Boom Harmony 10.0\win32\bin\ProcessStarter.exe
(Akamai Technologies, Inc.) C:\Users\BigToews\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
() C:\Program Files (x86)\Toon Boom Animation\Toon Boom Harmony 10.0\win64\bin\tbdbserver.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Evoluent) C:\Program Files\Evoluent\VMouse\V4\EvoMouseExec.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Autodesk Inc) C:\Program Files (x86)\Autodesk\SketchBook Pro 6.0.1\SketchBookSnapshot.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Samsung) C:\Program Files (x86)\SAMSUNG\Wireless Central Station\WusbLite.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Dropbox, Inc.) C:\Users\BigToews\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Flexera Software LLC.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [130048 2015-04-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [726320 2015-03-24] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-4120417985-3311138565-2582081851-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4120417985-3311138565-2582081851-1000\...\Run: [Spotify Web Helper] => C:\Users\BigToews\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-05-01] (Spotify Ltd)
HKU\S-1-5-21-4120417985-3311138565-2582081851-1000\...\Run: [Akamai NetSession Interface] => C:\Users\BigToews\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4120417985-3311138565-2582081851-1000\...\Run: [EPSON Stylus Photo R2880] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICXA.EXE [218112 2007-11-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4120417985-3311138565-2582081851-1000\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe ",EntryPoint -m l
HKU\S-1-5-21-4120417985-3311138565-2582081851-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-13] (Valve Corporation)
HKU\S-1-5-21-4120417985-3311138565-2582081851-1000\...\Run: [Spotify] => C:\Users\BigToews\AppData\Roaming\Spotify\Spotify.exe [7168568 2015-05-01] (Spotify Ltd)
HKU\S-1-5-21-4120417985-3311138565-2582081851-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-4120417985-3311138565-2582081851-1000\...\MountPoints2: {0d970093-7a8b-11e4-978b-e06995a73967} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-4120417985-3311138565-2582081851-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Evoluent Mouse Manager.lnk [2012-10-03]
ShortcutTarget: Evoluent Mouse Manager.lnk -> C:\Windows\Installer\{0F8F4447-1F0B-4703-9BD5-53F0274CE856}\_B5CB566BBFE908A7621D0F.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SketchBook Snapshot.lnk [2012-12-12]
ShortcutTarget: SketchBook Snapshot.lnk -> C:\Program Files (x86)\Autodesk\SketchBook Pro 6.0.1\SketchBookSnapshot.exe (Autodesk Inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toon Boom Harmony Network Connections.lnk [2013-07-13]
ShortcutTarget: Toon Boom Harmony Network Connections.lnk -> C:\Program Files (x86)\Toon Boom Animation\Toon Boom Harmony 10.0\win32\bin\Toon Boom Harmony Network Connections.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk [2012-02-25]
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\SAMSUNG\Wireless Central Station\WusbLite.exe (Samsung)
Startup: C:\Users\BigToews\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-06-06]
ShortcutTarget: Dropbox.lnk -> C:\Users\BigToews\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BigToews\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BigToews\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BigToews\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BigToews\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BigToews\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BigToews\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BigToews\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-4120417985-3311138565-2582081851-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ddrnw
HKU\S-1-5-21-4120417985-3311138565-2582081851-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4120417985-3311138565-2582081851-1000 -> DefaultScope {90B7F9EA-3B24-4673-8765-835D26CF83FF} URL = http://start.funmoods.com/results.php?f=4&a=ddrnw&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4120417985-3311138565-2582081851-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3324319&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPB1CC768A-EF57-48B5-AA1D-5DB9B0F6BEC2&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-4120417985-3311138565-2582081851-1000 -> {90B7F9EA-3B24-4673-8765-835D26CF83FF} URL = http://start.funmoods.com/results.php?f=4&a=ddrnw&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Funmoods Helper Object -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll [2012-01-25] (Funmoods BHO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM-x32 - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll [2012-01-25] (Funmoods)
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\BigToews\AppData\Roaming\Mozilla\Firefox\Profiles\at5cjh7r.default-1385943104367
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.1 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Windows\SysWOW64\npdeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.4 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-4120417985-3311138565-2582081851-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\BigToews\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-03-24] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4120417985-3311138565-2582081851-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll [2011-11-17] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-4120417985-3311138565-2582081851-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll [2009-07-07] (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll [2009-07-07] (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-03-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-03-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-03-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-03-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-03-27] (Apple Inc.)
FF SearchPlugin: C:\Users\BigToews\AppData\Roaming\Mozilla\Firefox\Profiles\at5cjh7r.default-1385943104367\searchplugins\conduit-search.xml [2014-01-22]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-12-14]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://start.funmoods.com/?f=1&a=ddrnw
CHR StartupUrls: Default -> ""
CHR Profile: C:\Users\BigToews\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira Browser Safety) - C:\Users\BigToews\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-05-01]
CHR Extension: (Chrome Remote Desktop) - C:\Users\BigToews\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-02-10]
CHR Extension: (Bookmark Manager) - C:\Users\BigToews\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\BigToews\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Google Wallet) - C:\Users\BigToews\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-10]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx [2012-01-04]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aluwbservice; C:\Program Files (x86)\SAMSUNG\Wireless Central Station\AlUwbService.exe [11776 2011-04-12] (Alereon) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [815920 2015-03-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [434424 2015-03-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [434424 2015-03-24] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1004280 2015-03-24] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [205104 2015-04-10] (Avira Operations GmbH & Co. KG)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe [56648 2015-03-08] (Google Inc.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2012-02-26] (Macrovision Europe Ltd.) [File not signed]
R2 HarmonyStarter0; C:\Program Files (x86)\Toon Boom Animation\Toon Boom Harmony 10.0\win32\bin\ProcessStarter.exe [36584 2012-08-02] ()
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 SGFXMgr; C:\Program Files\SGFX\sgfxmgr.exe [5617664 2011-03-21] (SMSC) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672024 2015-02-26] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 al56xxpt; C:\Windows\System32\Drivers\al56xxpt.sys [31744 2010-07-30] (Alereon Inc.)
S3 ALHWA; C:\Windows\System32\DRIVERS\ALHWA.SYS [224128 2011-02-24] (Alereon, Inc.)
S3 ALURCU; C:\Windows\System32\DRIVERS\ALURCU.SYS [300800 2011-02-09] (Alereon, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-24] (Avira Operations GmbH & Co. KG)
R3 EvoMouseDriverFilterHidUsb; C:\Windows\System32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [25144 2010-06-23] (Evoluent)
R3 EvoMouseDriverMini; C:\Windows\System32\drivers\EvoMouseDriverMini.sys [22584 2010-06-23] ()
R3 LAN9500; C:\Windows\System32\DRIVERS\lan9500-x64-n620f.sys [82432 2014-08-19] (SMSC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R4 sgfxk; C:\Windows\System32\drivers\sgfxk64.sys [117312 2011-03-24] (SMSC)
R0 sgfxl; C:\Windows\System32\drivers\sgfxl64.sys [19520 2011-03-24] (SMSC)
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-03 00:47 - 2015-05-03 00:48 - 00028071 _____ () C:\Users\BigToews\Desktop\FRST.txt
2015-05-03 00:47 - 2015-05-03 00:47 - 00000000 ____D () C:\FRST
2015-05-03 00:46 - 2015-05-03 00:46 - 02101248 _____ (Farbar) C:\Users\BigToews\Desktop\FRST64.exe
2015-05-03 00:22 - 2015-05-03 00:25 - 00000000 ____D () C:\Users\BigToews\Desktop\Desktop 2015
2015-05-03 00:19 - 2015-05-03 00:19 - 00388608 _____ (Trend Micro Inc.) C:\Users\BigToews\Downloads\HijackThis (1).exe
2015-05-03 00:19 - 2015-05-03 00:19 - 00015144 _____ () C:\Users\BigToews\Downloads\hijackthis.log
2015-05-03 00:18 - 2015-05-03 00:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\BigToews\Desktop\HijackThis.exe
2015-05-01 20:43 - 2015-05-01 20:43 - 00136782 _____ () C:\Windows\PFRO.log
2015-04-30 01:06 - 2015-05-03 00:11 - 00000448 _____ () C:\Windows\setupact.log
2015-04-30 01:06 - 2015-04-30 01:06 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-29 22:28 - 2015-04-29 22:28 - 00000000 ____D () C:\Users\Public\Speedup Sessions
2015-04-29 22:25 - 2015-04-29 22:32 - 00000000 ____D () C:\Users\BigToews\AppData\Local\AviraSpeedup
2015-04-29 22:22 - 2015-04-29 22:28 - 00003340 _____ () C:\Windows\System32\Tasks\AviraSpeedup
2015-04-29 22:22 - 2015-04-29 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-04-29 22:19 - 2015-04-29 22:19 - 00003432 _____ () C:\Windows\System32\Tasks\Avira Browser Safety Updater Task
2015-04-29 22:17 - 2015-04-29 22:17 - 00000000 ____D () C:\Users\BigToews\AppData\Roaming\Avira
2015-04-29 22:16 - 2015-03-24 14:59 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-04-29 22:16 - 2015-03-24 14:59 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-04-29 22:16 - 2015-03-24 14:59 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-04-29 22:16 - 2015-03-24 14:59 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-04-29 21:58 - 2015-04-29 22:22 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-29 21:58 - 2015-04-29 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-29 21:58 - 2015-04-29 22:16 - 00000000 ____D () C:\ProgramData\Avira
2015-04-29 21:57 - 2015-04-29 21:58 - 04636584 _____ (Avira Operations GmbH & Co. KG) C:\Users\BigToews\Downloads\avira_en_av_55418c0a532cb__ws.exe
2015-04-29 21:46 - 2015-04-29 21:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-29 21:46 - 2015-04-29 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-29 21:17 - 2015-04-29 21:17 - 00003148 _____ () C:\Windows\System32\Tasks\{C4BE80D9-7431-46A2-8602-55438C1AAB67}
2015-04-29 21:08 - 2015-04-29 21:08 - 01384064 _____ (Skype Technologies S.A.) C:\Users\BigToews\Downloads\SkypeSetup (2).exe
2015-04-29 21:08 - 2015-04-29 21:08 - 01384064 _____ (Skype Technologies S.A.) C:\Users\BigToews\Downloads\SkypeSetup (1).exe
2015-04-29 20:37 - 2015-04-29 20:37 - 00000000 ____D () C:\Program Files\Autodesk
2015-04-29 20:34 - 2015-04-29 20:37 - 57787424 _____ () C:\Users\BigToews\Downloads\SketchBook_7.1.1.284_Win64.exe
2015-04-29 20:29 - 2015-04-29 20:32 - 56701680 _____ () C:\Users\BigToews\Downloads\SketchBook_7.1.1.285_Win32.exe
2015-04-19 14:49 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-19 14:49 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-19 14:49 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-19 14:49 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-19 14:49 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-19 14:49 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-19 14:49 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-19 14:49 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-19 14:49 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-19 14:49 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-19 14:49 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-19 14:49 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-19 14:49 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-19 14:49 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-19 14:49 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-19 14:49 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-19 14:49 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-19 14:49 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-19 14:49 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-19 14:49 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-19 14:49 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-19 14:49 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-19 14:49 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-19 14:49 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-19 14:49 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-19 14:49 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-19 14:49 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-19 14:49 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-19 14:49 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-19 14:49 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-19 14:49 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-19 14:49 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-19 14:49 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-19 14:49 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-19 14:49 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-19 14:49 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-19 14:49 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-19 14:49 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-19 14:49 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-19 14:49 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-19 14:49 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-19 14:49 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-19 14:49 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-19 14:49 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-19 14:49 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-19 14:49 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-19 14:49 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-19 14:49 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-19 14:49 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-19 14:49 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-19 14:49 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-19 14:49 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-19 14:49 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-19 14:49 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-19 14:49 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-19 14:49 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-19 14:49 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-19 14:49 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-19 14:49 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-19 14:49 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-19 14:49 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-19 14:49 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-19 14:49 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-19 14:49 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-19 14:49 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-19 14:49 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-19 14:49 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-19 14:49 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-19 14:49 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-19 14:49 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-19 14:49 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-19 14:49 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-19 14:49 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-19 14:49 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-19 14:49 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-19 14:49 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-19 14:49 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-19 14:49 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-19 14:49 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-19 14:49 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-19 14:49 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-19 14:49 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-19 14:49 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-19 14:49 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-19 14:49 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-19 14:49 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-19 14:49 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-19 14:49 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-19 14:49 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-19 14:49 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-19 14:49 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-19 14:49 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-19 14:49 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-19 14:49 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-19 14:49 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-19 14:49 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-19 14:49 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-19 14:49 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-19 14:49 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-19 14:49 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-19 14:49 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-19 14:49 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-19 14:49 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-19 14:49 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-19 14:49 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-19 14:49 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-19 14:49 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-19 14:49 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-19 14:49 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-19 14:49 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-19 14:49 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-19 14:49 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-19 14:49 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-19 14:49 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-19 14:49 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-19 14:49 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-19 14:49 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-19 14:49 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-19 14:49 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-19 14:49 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-19 14:49 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-19 14:49 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-19 14:49 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-19 14:49 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-19 14:49 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-19 14:49 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-19 14:49 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-19 14:49 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-19 14:49 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-19 14:49 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-19 14:49 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-19 14:49 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-19 14:49 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-19 14:49 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-19 14:49 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-19 14:49 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-19 14:49 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-19 14:49 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-19 14:49 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-19 14:49 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-19 14:49 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-19 14:49 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-19 14:49 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-19 14:49 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-19 14:49 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-19 14:49 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-19 14:49 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-19 14:49 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-19 14:48 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-19 14:48 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-19 14:48 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-17 20:17 - 2015-04-17 20:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2015-04-17 20:09 - 2015-04-17 20:15 - 150622864 _____ () C:\Users\BigToews\Downloads\WacomTablet_6.3.11-4a.exe
2015-04-05 17:02 - 2015-04-05 17:02 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 17:02 - 2015-04-05 17:02 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 16:57 - 2015-05-03 00:17 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-05 16:57 - 2015-04-05 16:57 - 01142128 _____ () C:\Users\BigToews\Downloads\SteamSetup.exe
2015-04-05 16:57 - 2015-04-05 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-05 16:50 - 2015-01-30 23:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-04-05 16:50 - 2015-01-30 23:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-04-05 16:50 - 2015-01-30 19:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-04-05 16:50 - 2014-12-11 13:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-04-05 16:30 - 2015-04-05 16:30 - 00000000 ____D () C:\Users\BigToews\AppData\Local\Steam
2015-04-05 14:09 - 2014-09-04 22:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-04-05 14:09 - 2014-09-04 21:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-03 00:46 - 2011-10-02 00:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-03 00:28 - 2009-07-14 01:13 - 00006502 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-03 00:22 - 2011-07-25 17:10 - 01787939 _____ () C:\Windows\WindowsUpdate.log
2015-05-03 00:22 - 2009-07-14 00:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-03 00:22 - 2009-07-14 00:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-03 00:19 - 2011-10-01 23:47 - 00000000 ____D () C:\Users\BigToews\AppData\Local\VirtualStore
2015-05-03 00:17 - 2012-06-06 03:02 - 00000000 ___RD () C:\Users\BigToews\Dropbox
2015-05-03 00:17 - 2012-06-06 02:58 - 00000000 ____D () C:\Users\BigToews\AppData\Roaming\Dropbox
2015-05-03 00:13 - 2011-10-17 23:30 - 00000000 ____D () C:\Users\BigToews\AppData\Roaming\Spotify
2015-05-03 00:13 - 2011-10-17 23:30 - 00000000 ____D () C:\Users\BigToews\AppData\Local\Spotify
2015-05-03 00:12 - 2011-10-02 00:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-03 00:11 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-02 00:51 - 2013-07-03 20:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-01 21:48 - 2012-01-23 16:26 - 03201536 ___SH () C:\Users\BigToews\Desktop\Thumbs.db
2015-05-01 20:43 - 2009-07-14 00:45 - 04911680 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-30 02:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-29 22:32 - 2012-06-06 02:59 - 00000000 ____D () C:\Users\BigToews\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-29 22:32 - 2011-10-09 16:52 - 00000000 ____D () C:\Windows\Minidump
2015-04-29 22:25 - 2011-10-01 23:47 - 00171720 _____ () C:\Users\BigToews\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-29 22:20 - 2014-01-22 23:55 - 00000000 ____D () C:\Users\BigToews\AppData\Roaming\newnext.me
2015-04-29 21:58 - 2014-06-10 20:17 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-29 21:54 - 2011-10-05 00:10 - 00000000 ____D () C:\Users\BigToews\Documents\Software
2015-04-29 21:46 - 2013-03-05 00:46 - 00000000 ____D () C:\ProgramData\Skype
2015-04-29 21:12 - 2013-03-05 00:47 - 00000000 ____D () C:\Users\BigToews\AppData\Roaming\Skype
2015-04-29 20:38 - 2011-10-04 23:44 - 00000000 ____D () C:\Users\BigToews\AppData\Roaming\Autodesk
2015-04-29 20:37 - 2011-10-04 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-04-29 20:13 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-29 20:08 - 2014-12-12 04:20 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-29 20:08 - 2014-05-01 02:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-19 21:57 - 2013-08-15 02:47 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-19 21:52 - 2011-07-15 15:12 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-19 14:52 - 2013-07-03 20:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-19 14:52 - 2012-06-15 21:50 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-19 14:52 - 2011-07-15 16:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-17 20:17 - 2011-10-02 00:08 - 00000000 ____D () C:\Program Files\Tablet
2015-04-17 19:57 - 2011-10-02 00:04 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-05 16:57 - 2011-10-01 23:47 - 00000000 ____D () C:\Users\BigToews
 
==================== Files in the root of some directories =======
 
2013-10-20 18:07 - 2014-02-15 14:50 - 0000132 _____ () C:\Users\BigToews\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-12-01 06:00 - 2014-02-15 14:42 - 0001456 _____ () C:\Users\BigToews\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-10-01 20:23 - 2014-10-01 20:23 - 0000000 _____ () C:\Users\BigToews\AppData\Local\{D49733DE-211B-4918-B074-81379FAA1889}
 
Some content of TEMP:
====================
C:\Users\BigToews\AppData\Local\Temp\avgnt.exe
C:\Users\BigToews\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph_u0kj.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-30 01:26
 
==================== End Of Log ============================

 

 



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 May 2015 - 08:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled.

Important - Turn System Restore on or off - Windows Help
http://windows.microsoft.com/en-ca/windows/turn-system-restore-on-off#1TC=windows-7
===

Remove the processes using the Add/Remove programs applet.

DMUninstaller (HKLM-x32\...\DMUninstaller) (Version: - ) <==== ATTENTION
Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version: - ) <==== ATTENTION
Funmoods on IE and Chrome (HKLM-x32\...\funmoods) (Version: - ) <==== ATTENTION

===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-4120417985-3311138565-2582081851-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4120417985-3311138565-2582081851-1000\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe ",EntryPoint -m l
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4120417985-3311138565-2582081851-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ddrnw
SearchScopes: HKU\S-1-5-21-4120417985-3311138565-2582081851-1000 -> DefaultScope {90B7F9EA-3B24-4673-8765-835D26CF83FF} URL = http://start.funmoods.com/results.php?f=4&a=ddrnw&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4120417985-3311138565-2582081851-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3324319&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPB1CC768A-EF57-48B5-AA1D-5DB9B0F6BEC2&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-4120417985-3311138565-2582081851-1000 -> {90B7F9EA-3B24-4673-8765-835D26CF83FF} URL = http://start.funmoods.com/results.php?f=4&a=ddrnw&q={searchTerms}
BHO-x32: Funmoods Helper Object -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll [2012-01-25] (Funmoods BHO)
Toolbar: HKLM-x32 - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll [2012-01-25] (Funmoods)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Users\BigToews\AppData\Roaming\Mozilla\Firefox\Profiles\at5cjh7r.default-1385943104367\searchplugins\conduit-search.xml [2014-01-22]
CHR C:\Users\BigToews\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-05-01]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx [2012-01-04]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
C:\Program Files (x86)\Funmoods
C:\Users\BigToews\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
C:\Users\BigToews\AppData\Local\Temp\avgnt.exe
C:\Users\BigToews\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph_u0kj.dll
AlternateDataStreams: C:\Users\BigToews\Cookies:KgrS260iVmSHAcHlJD389mtm
AlternateDataStreams: C:\Users\BigToews\AppData\Local\Temp:Jpxyvrqjl50qQnPh6mFlw
AlternateDataStreams: C:\Users\BigToews\AppData\Local\Temp:QqDNL10h9yX6oMB5ps3

End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 younghawk

younghawk
  • Topic Starter

  • Members
  • 12 posts

Posted 08 May 2015 - 10:14 PM

hey!

 

Thank you for your response. I've followed your instructions, and this is what I've found:

 

  • I still can't set up System Restore. The way it says to do it requires me to get to the Properties of My Computer, but when I do, Windows Explorer crashes. Even tried after running through all the other suggestions. Still no luck.
  • I ran fixlist.txt from the desktop, even though your instructions said to run it from the same "folder". Don't know if that affected the process, but I got a Fixlog regardless. Hope it still worked.
  • All the logs you need are attached. I included both the scan and protection log from MBAM, as both were produced. 

I'm still experiencing crashes in all the programs I had a problem with before, most notably the Windows Explorer crash when I try to access my Computer Properties. 

 

Awaiting your instructions beyond this point. 




#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 May 2015 - 06:19 AM


As previously suggested. Did you restore it?

ATTENTION: System Restore is disabled.

Important - Turn System Restore on or off - Windows Help
http://windows.microsoft.com/en-ca/windows/turn-system-restore-on-off#1TC=windows-7
===

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

Edited by nasdaq, 09 May 2015 - 06:28 AM.


#5 younghawk

younghawk
  • Topic Starter

  • Members
  • 12 posts

Posted 09 May 2015 - 10:43 AM

Hey Nasdaq,

 

I still can't access my system restore. If I right click on Computer -> Properties, the window briefly opens, then closes, and everything on my desktop disappears. A second or 2 later, my desktop icons reappear. It seems to crash every time I access it.

 

On top of that, I'm still having issues opening programs - they either crash immediately, or won't open at all.

 

The crashing programs are the ones listed in my first post.

 

Welcome to suggestions on any of these issues. 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 May 2015 - 07:41 AM

Let's check these services.

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

#7 younghawk

younghawk
  • Topic Starter

  • Members
  • 12 posts

Posted 10 May 2015 - 11:43 AM

Hey Nasdaq. Downloaded FBSS, and ran the scan. The results are below:
 
 
 
Farbar Service Scanner Version: 17-01-2015
Ran by BigToews (administrator) on 10-05-2015 at 12:40:50
Running from "C:\Users\BigToews\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#8 younghawk

younghawk
  • Topic Starter

  • Members
  • 12 posts

Posted 10 May 2015 - 06:04 PM

So this might or might not be helpful:

 

I thought I'd see if starting up in Safe Mode made any difference in my crashes.

 

I started up my computer and held F8, but my Advanced Boot Options window never appeared. Instead, the screen briefly flashed black, and skipped right to the Windows start screen. Then the computer booted back up in normal mode.

 

As a workaround, I tried opening up Windows System Configuration, and selecting "safe boot: network" from the "Boot" tab. This DID allow me to start up in safe mode. I then tested everything I had a problem with originally, and I could do absolutely everything. This included opening up programs like skype, itunes and steam, as well as regaining the option to "Download" from the site Dropbox (an option that magically disappears in my browser under Normal mode).

 

This seems to illustrate that I have something booting up during normal start up that's causing this problem. Could it possibly be a permissions issue? 


Edited by younghawk, 10 May 2015 - 06:05 PM.


#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 May 2015 - 01:16 PM

Windows defender is disabled by your Avira.
Both cannot work in real life.
===

Could it possibly be a permissions issue?

Yes, execute this.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click on Repairs
  • Click Repairs - Open Repairs in the bottom right corner
  • Click the Unselect All button then select just the item(s) listed below

  • 01 - Repair Registry Permissions
    02 - Reset File Permissions (2)
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    10 - Remove Policies Set By Infections
    14 - Removed Temp Files
    24 - Repair Windows Safe Mode
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup
    
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.

===

Restart the computer normally.

How is the computer running now?

=======================


#10 younghawk

younghawk
  • Topic Starter

  • Members
  • 12 posts

Posted 11 May 2015 - 03:19 PM

Hey Nasdaq,

 

I've uninstalled Avira to allow Windows Defender to do its job properly.

 

After I got past Repairs, it asked me to restart before I could copy/paste anything. Instead, I've zipped and attached the log files it generated.

 

I booted back up in normal mode, and it seems SOME fixes were made. I can now use Firefox without it crashing immediately, but Windows Explorer still crashes when I try to access Properties, as well as all the programs originally listed, so no improvement there.

 

Something else interesting I found, since I've been running these checks in Safe Mode with Network enabled, I've run through a few processes that I did during the Normal boot, just to see if the results might change. One thing that DID change was when I ran the System File Checker. When I ran it in Normal Boot, it told me Windows Resource Protection did not find any integrity violations, but when I ran it again in Safe Mode, it told me Windows Resource Protection found corrupt files but was unable to fix some of them.

 

Would you care for me to post that CBS.log?

 




#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 May 2015 - 07:59 AM

Let's check further.

See if you can find the culprit.

How to perform a clean boot in Windows Vista, W7, W8.
http://support.microsoft.com/kb/929135

Read and follow the instructions on the page before proceeding.

Did you find any conflicting issues?
===

Edited by nasdaq, 12 May 2015 - 08:06 AM.


#12 younghawk

younghawk
  • Topic Starter

  • Members
  • 12 posts

Posted 12 May 2015 - 10:38 AM

Still having problems in the Clean Boot. Can't open any of the programs originally causing problems. Tried opening them with all the services and start-ups turned off. No luck. Even tried turning off Microsoft Services to see if I could start up. No luck. 

 

Skype actually started while in the Clean Boot, but crashed immediately once it opened. It was the only program to do so. Everything else crashed immediately. 

 

I found the only programs I COULD open were Google Chrome, Firefox (though it still crashed a couple times), Spotify, Sketchbook Pro, and Oovoo. 

 

Still CAN open all programs in Safe Mode though. 


Edited by younghawk, 12 May 2015 - 10:40 AM.


#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 May 2015 - 12:26 PM

Download and save ZHP Cleaner to your desktop.
http://www.nicolascoolman.fr/download/zhpcleaner-2/
Right Click and run as administrator.
Click on the Repair button.
At the end of the process you will be asked to reboot your machine.
After you reboot a report will open on your desktop.
Copy and paste the report here in your next reply.

---

I would like you to check if you have a good restore point prior to the date of the start of this saga.
We may have to go that way.
Just let me know.

#14 younghawk

younghawk
  • Topic Starter

  • Members
  • 12 posts

Posted 12 May 2015 - 12:26 PM

So I did a little more digging, and checked my Reliability Report, and it seems something happened on 3/22/15 that sent my System Reliability rating from around 8-9 to a 2-3. It SEEMS connected with my AMD video card/Catalyst Control Center. I'm looking more into that now.

 

Another bit of interesting information is that all the critical event errors seem to be connected to Faulting module path: C:\Windows\SysWOW64\ntdll.dll and Faulting module path: C:\Windows\SYSTEM32\ntdll.dll. After looking into what ntdll.dll does, it seems directly connected to launching programs, which is what I'm having problems with. I'm looking into that more as well.

 

**EDIT: Ha! We both posted at the same time. I will try your suggestion now. 


Edited by younghawk, 12 May 2015 - 12:27 PM.


#15 younghawk

younghawk
  • Topic Starter

  • Members
  • 12 posts

Posted 12 May 2015 - 12:44 PM

Here's the report for ZHP Cleaner:

 

~ ZHPCleaner v2015.5.12.227 by Nicolas Coolman (12/05/2015)
~ Run by BigToews (Administrator)  (12/05/2015 13:40:38)
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\BigToews\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\BigToews\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)
 
 
---\\  Services (0)
~ No malicious items found.
 
 
---\\  Browser internet (2)
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyHttp1.1 [Bad : 1]  (Hijacker.Proxy)
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : <local>]  (Hijacker.Proxy)
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (23)
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious items found.
 
 
---\\  Explorer ( File, Folder) (39)
MOVED file*: C:\Users\BigToews\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage   (PUP.Optional)
MOVED file*: C:\Users\BigToews\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal   (PUP.Optional)
MOVED file*: C:\Users\BigToews\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage   (PUP.SpecialSavings)
MOVED file*: C:\Users\BigToews\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal   (PUP.SpecialSavings)
MOVED file*: C:\Users\BigToews\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_play.mytopfreegames.com_0.localstorage   (Adware.ScriptHost)
MOVED file*: C:\Users\BigToews\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_play.mytopfreegames.com_0.localstorage-journal   (Adware.ScriptHost)
MOVED file*: C:\Users\BigToews\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage   (PUP.SpecialSavings)
MOVED file*: C:\Users\BigToews\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal   (PUP.SpecialSavings)
MOVED folder: C:\Users\BigToews\AppData\Local\{5B3F2EF3-9C68-4479-96F3-C56E592B5838} (Empty)
MOVED folder: C:\Users\BigToews\AppData\Local\{74DB1533-ABFC-46D9-B9C6-3AFA59A581C8} (Empty)
MOVED folder: C:\Users\BigToews\AppData\Local\{777592D0-209D-47D4-BC7B-D784EFAEAD2F} (Empty)
MOVED folder: C:\Users\BigToews\AppData\Local\{7AE28ACD-215B-4945-B5C2-02B6AF6EA68C} (Empty)
MOVED folder: C:\Users\BigToews\AppData\Local\{8E8E5424-C07E-4F1E-BDFF-A4CFECAF4B4D} (Empty)
MOVED folder: C:\Users\BigToews\AppData\Local\{9604F99E-A9D8-4CB9-A6BB-DA9A4B68C602} (Empty)
MOVED folder: C:\Users\BigToews\AppData\Local\{981115AE-901A-4729-A580-E7E572BF14B7} (Empty)
MOVED folder: C:\Users\BigToews\AppData\Local\{E28DA19D-ED7D-4EB8-B708-0F4F970C36E2} (Empty)
MOVED folder: C:\Windows\Installer\MSI1A4C.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI1BC3.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI1D99.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI1E55.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI248E.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI2A78.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI2B24.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI2BD1.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI2C7E.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI370B.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI750.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI84CC.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI8B26.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI923B.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI986E.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI9979.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI9A54.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI9B80.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI9C7C.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI9DA5.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI9E62.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI9EEF.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI9F6D.tmp- (Empty)
 
 
---\\  Registry ( Key, Value, Data) (2)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\inst.shoppingate.info [474395] (PUP.ShoppinGate)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shoppingate.info [] (PUP.ShoppinGate)
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 6194
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 43
 
 
End of clean at 13:40:47
===================
ZHPCleaner-[R]-12052015-13_40_47.txt
ZHPCleaner-[S]-12052015-13_39_33.txt
 
------------------------------------------------------------------------------------------------------------------------------------------------------
 
As for the system restore point, I can't even access it right now, because every time I try to access my System through Control Panels, Windows Explorer crashes.




